eBay user data compromised by hackers

eBay is asking users to change their passwords after a cyber attack that compromised a database containing encrypted passwords.

The online auction site said hackers compromised a small number of employee log-in credentials sometime between late February and early March, allowing unauthorized access to eBay's corporate network.

The breach was first detected about two weeks ago leading to an “aggressive” forensic investigation that subsequently identified the compromised database, resulting in today’s announcement.

The database included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth, but following extensive tests on its networks the company said it has no evidence that the compromise resulted in any unauthorised activity for eBay users.

There also is no evidence of any unauthorised access to financial or credit card information, which is stored separately in encrypted formats, according to the firm, and it has seen no indication of increased fraudulent account activity on eBay.

A statement on the company’s website said: “Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers.

“We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.”

It added: “Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.”

The company also said it has no evidence of unauthorised access or compromises to personal or financial information for PayPal users, which is encrypted and stored separately on a secure network.

eBay said it will begin notifying users via email, site communications and other marketing channels to change their password later today, as well as the those on any external sites where the same password is used.